The notorious hacker group Lapsus$ claims to have captured source code from Microsoft. However, Windows does not appear to be affected.
Lapsus$: Hackers steal source code from Microsoft
After Samsung and Nvidia, among others, it seems that Microsoft has now also caught on. According to the US IT security portal Bleeping Computer, the well-known and almost notorious hacker group Lapsus$ claims that it has captured source code from Microsoft. It should be source code from Bing, Cortana and other projects. Lapsus$ claims to have stolen this data from Microsoft’s internal Azure DevOps servers.
The hackers published a screenshot on their Telegram channel on Sunday morning, which is said to show the stolen source code packages on the Azure DevOps servers. Then, Monday night, the hackers uploaded a 9GB 7Zip archive to a file-sharing network. According to Bleeping Computer, this should contain the source code of over 250 Microsoft projects. Lapsus$ claims that the 7Zip archive contains 90 percent of the Bing source code and about 45 percent of the Bing Maps and Cortana code. According to Bleeping Computer, the archive contains 37 GB of Microsoft source code.
No Windows code
Security researchers who looked at the leaked files told Bleepingcomputer that it appears to be genuine Microsoft internal source code. Emails and documentation used by Microsoft developers to publish mobile applications should also be included. The projects seem to be web-based infrastructures, websites or mobile applications. Source code for Microsoft desktop software, primarily Windows, Windows Server and Microsoft Office, is not included in the leak.
Microsoft confirms investigation
Microsoft told Bleepingcomputer that it would investigate the incident. Also to an editor at IT news site The Verge
Microsoft that it is investigating the hacker group’s claim.
Microsoft tells me it’s investigating claims the LAPSUS$ ransomware group has gained access to its internal DevOps platform. “We are aware of the claims and are investigating,” says a Microsoft spokesperson https://t.co/znSL7mBcic
— Tom Warren (@tomwarren) March 21, 2022
The key question is still unanswered: How did the hackers get the data? According to Bleepingcomputer, security experts suspect that the hackers paid Microsoft employees to get the data. In line with this, Lapsus$ is specifically looking for employees of large IT companies such as Microsoft, Apple, EA or IBM in order to pay them for information.
Samsung hacked: Explosive data on Galaxy devices leaked
Cybersecurity incident confirmed at Ubisoft
Nvidia data theft: hackers set an ultimatum until Friday – or all data will be leaked